This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Exim
Product: Exim
Version: 4.02
Type: Application
First view: 2010-06-07
Last view: 2020-05-11
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:exim:exim

Related : CVE

  Date Alert Description
7.5 2020-05-11 CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

7.8 2020-04-02 CVE-2020-8015

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.

9.8 2019-09-27 CVE-2019-16928

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

9.8 2019-09-06 CVE-2019-15846

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

9.8 2019-07-25 CVE-2019-13917

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).

9.8 2019-06-05 CVE-2019-10149

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

9.8 2018-02-08 CVE-2018-6789

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

4 2017-06-19 CVE-2017-1000369

Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.

5.9 2017-02-01 CVE-2016-9963

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

7 2016-04-07 CVE-2016-1531

Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.

4.6 2014-09-04 CVE-2014-2972

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

6.8 2014-09-04 CVE-2014-2957

The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

7.5 2011-10-04 CVE-2011-1764

Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.

6.9 2011-02-01 CVE-2011-0017

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

6.9 2010-12-14 CVE-2010-4345

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

9.3 2010-12-14 CVE-2010-4344

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

4.4 2010-06-07 CVE-2010-2024

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

4.4 2010-06-07 CVE-2010-2023

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.

CWE : Common Weakness Enumeration

% id Name
16% (3) CWE-20 Improper Input Validation
11% (2) CWE-362 Race Condition
11% (2) CWE-264 Permissions, Privileges, and Access Controls
11% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
5% (1) CWE-404 Improper Resource Shutdown or Release
5% (1) CWE-320 Key Management Errors
5% (1) CWE-189 Numeric Errors
5% (1) CWE-134 Uncontrolled Format String
5% (1) CWE-125 Out-of-bounds Read
5% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
5% (1) CWE-19 Data Handling

SAINT Exploits

Description
Exim SMTP listener base64d function one-character buffer overflow

Open Source Vulnerability Database (OSVDB)

id Description
72156 Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Form...
70696 Exim log.c open_log() Function Local Privilege Escalation
69860 Exim exim User Account Configuration File Directive Local Privilege Escalation
69685 Exim string_format Function Remote Overflow
65159 Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
65158 Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite

ExploitDB Exploits

id Description
16925 Exim4 <= 4.69 string_format Function Heap Buffer Overflow

OpenVAS Exploits

id Description
2012-12-13 Name : SuSE Update for exim openSUSE-SU-2012:1404-1 (exim)
File : nvt/gb_suse_2012_1404_1.nasl
2012-07-30 Name : CentOS Update for exim CESA-2010:0970 centos4 x86_64
File : nvt/gb_CESA-2010_0970_exim_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for exim CESA-2011:0153 centos4 x86_64
File : nvt/gb_CESA-2011_0153_exim_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for exim CESA-2011:0153 centos5 x86_64
File : nvt/gb_CESA-2011_0153_exim_centos5_x86_64.nasl
2011-08-09 Name : CentOS Update for exim CESA-2011:0153 centos5 i386
File : nvt/gb_CESA-2011_0153_exim_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2232-1 (exim4)
File : nvt/deb_2232_1.nasl
2011-08-03 Name : FreeBSD Ports: exim
File : nvt/freebsd_exim3.nasl
2011-05-23 Name : Fedora Update for exim FEDORA-2011-7059
File : nvt/gb_fedora_2011_7059_exim_fc13.nasl
2011-05-23 Name : Fedora Update for exim FEDORA-2011-7047
File : nvt/gb_fedora_2011_7047_exim_fc14.nasl
2011-05-17 Name : Ubuntu Update for exim4 USN-1130-1
File : nvt/gb_ubuntu_USN_1130_1.nasl
2011-04-19 Name : Fedora Update for exim FEDORA-2010-12375
File : nvt/gb_fedora_2010_12375_exim_fc14.nasl
2011-03-05 Name : exim -- local privilege escalation
File : nvt/freebsd_exim2.nasl
2011-02-11 Name : Ubuntu Update for exim4 vulnerabilities USN-1060-1
File : nvt/gb_ubuntu_USN_1060_1.nasl
2011-01-31 Name : CentOS Update for exim CESA-2010:0970 centos4 i386
File : nvt/gb_CESA-2010_0970_exim_centos4_i386.nasl
2011-01-31 Name : CentOS Update for exim CESA-2011:0153 centos4 i386
File : nvt/gb_CESA-2011_0153_exim_centos4_i386.nasl
2011-01-24 Name : FreeBSD Ports: exim
File : nvt/freebsd_exim1.nasl
2011-01-21 Name : RedHat Update for exim RHSA-2011:0153-01
File : nvt/gb_RHSA-2011_0153-01_exim.nasl
2011-01-04 Name : SuSE Update for exim SUSE-SA:2010:059
File : nvt/gb_suse_2010_059.nasl
2010-12-28 Name : Ubuntu Update for exim4 vulnerability USN-1032-1
File : nvt/gb_ubuntu_USN_1032_1.nasl
2010-12-28 Name : RedHat Update for exim RHSA-2010:0970-01
File : nvt/gb_RHSA-2010_0970-01_exim.nasl
2010-06-11 Name : Fedora Update for exim FEDORA-2010-9524
File : nvt/gb_fedora_2010_9524_exim_fc13.nasl
2010-06-11 Name : Fedora Update for exim FEDORA-2010-9506
File : nvt/gb_fedora_2010_9506_exim_fc12.nasl
2010-06-03 Name : Exim < 4.72 RC2 Multiple Vulnerabilities
File : nvt/gb_exim_4_72.nasl

Snort® IPS/IDS

Date Description
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53378 - Type : SERVER-OTHER - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53377 - Type : SERVER-OTHER - Revision : 1
2020-04-02 Exim unauthenticated remote code execution attempt
RuleID : 53376 - Type : SERVER-OTHER - Revision : 1
2019-07-09 Exim remote command execution attempt
RuleID : 50356 - Type : SERVER-MAIL - Revision : 1
2018-09-18 EHLO user overflow attempt
RuleID : 47541 - Type : SERVER-MAIL - Revision : 2
2018-06-12 EHLO user overflow attempt
RuleID : 46610 - Type : SERVER-MAIL - Revision : 3
2014-01-10 AUTH user overflow attempt
RuleID : 3824 - Type : SERVER-MAIL - Revision : 16

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-03-09 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-970.nasl - Type: ACT_GATHER_INFO
2018-03-07 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201803-01.nasl - Type: ACT_GATHER_INFO
2018-03-06 Name: The remote mail server is potentially affected by a buffer overflow vulnerabi...
File: exim_4_90_1.nasl - Type: ACT_GATHER_INFO
2018-02-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5aec14e125.nasl - Type: ACT_GATHER_INFO
2018-02-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-25a7ba3cb6.nasl - Type: ACT_GATHER_INFO
2018-02-12 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_316b3c3e0e9811e88d4197657151f8c2.nasl - Type: ACT_GATHER_INFO
2018-02-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4110.nasl - Type: ACT_GATHER_INFO
2018-02-12 Name: The remote Debian host is missing a security update.
File: debian_DLA-1274.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa_10826.nasl - Type: ACT_GATHER_INFO
2017-09-25 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201709-19.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f5177f3a16.nasl - Type: ACT_GATHER_INFO
2017-08-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-980.nasl - Type: ACT_GATHER_INFO
2017-06-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-714.nasl - Type: ACT_GATHER_INFO
2017-06-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-1001.nasl - Type: ACT_GATHER_INFO
2017-06-22 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8c1a271d56cf11e7b9fec13eb7bcbf4f.nasl - Type: ACT_GATHER_INFO
2017-06-20 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3322-1.nasl - Type: ACT_GATHER_INFO
2017-06-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3888.nasl - Type: ACT_GATHER_INFO
2017-03-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-804.nasl - Type: ACT_GATHER_INFO
2017-01-06 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3164-1.nasl - Type: ACT_GATHER_INFO
2016-12-27 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e7002b26caaa11e6a76a9f7324e5534e.nasl - Type: ACT_GATHER_INFO
2016-12-27 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3747.nasl - Type: ACT_GATHER_INFO
2016-12-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-762.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201607-12.nasl - Type: ACT_GATHER_INFO
2016-03-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2933-1.nasl - Type: ACT_GATHER_INFO
2016-03-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3517.nasl - Type: ACT_GATHER_INFO